As artificial intelligence (AI) becomes ever more mainstream, the privacy aware members of society justifiably have many questions. In a recent effort to consolidate the thoughts around privacy and AI, Security Magazine gathered relevant quotes from some of the world’s leading privacy experts.
Raju Vegesna, Chief Evangelist, Zoho:
"In 2024, I expect businesses will begin implementing GenAI now that the hype has subsided and tangible use cases are coming to the forefront. Therefore, it is even more crucial for companies to remain vigilant about data privacy. Given the numerous breaches that have occurred recently and the inconsistent privacy policies worldwide, companies must be cautious. Governance will not save them, as most of the legislation is behind the technology's rate of evolution. Modern cyberattacks spare none; they are entirely random, targeting businesses of any size through vulnerabilities in their systems. These attacks have become so advanced that password protection is no longer sufficient.”
Larry Whiteside, Jr., CISO, RegScale:
“Privacy is an evolving aspect of our digital landscape, and its significance has been shaped by a pivotal driver: consumers actively expressing the importance of their data, particularly in the aftermath of numerous breaches compromising consumer information. Additionally, companies have been avidly engaging in data collection to gain valuable insights into the consumers they serve. Consequently, organizations are now under greater pressure than ever to handle data responsibly, which is particularly daunting for those managing large volumes of data.”
Greg Clark, Director of Product Management, OpenText Cybersecurity:
“Data privacy week is an important reminder to organizations, individuals and businesses alike to safeguard their data and maintain compliance. It is also an opportune time to take privacy to the next level. Given the vast amounts of data organizations have — which will grow exponentially with AI, machine learning (ML) and generative AI — using disparate methods to collect, process and manage data will no longer be enough. In today’s increasingly digitized world, a modern data privacy program needs to unify data discovery and protection to improve privacy and security postures. By modernizing and taking data privacy to the next level, organizations can remediate risk and ensure compliance and the responsible use of data while reducing their power consumption and carbon footprints from managing data. Most importantly, gaining control over data creates an opportunity to strengthen trust with investors, boards, business partners and customers in the face of increasingly stringent regulations and a complex security landscape. Upleveling data privacy should not be overlooked — organizations should take control this data privacy week to safeguard their data.”
Konrad Fellmann, VP, IT Infrastructure & Chief Information Security Officer, Cubic Corporation:
“Data Privacy in 2024 must look at the unique security and privacy considerations for organizations that partner with the public sector. In response to the recent surge in security and privacy mandates within public sector contracts, it is imperative that our security and privacy teams collaborate closely with our contracts department. This joint effort is essential to ensure a comprehensive understanding and assessment of these new requirements, as well as to evaluate the resources needed for compliance. Proactive engagement and deep knowledge of these stipulations will not only streamline contract execution but also optimize both time and financial investments throughout the duration of the contract. Embracing this approach is key to navigating the evolving landscape of public sector agreements with efficiency and expertise.”
Chris Gibson, CEO, FIRST:
“Despite the perception of security as dull at times, its foundation lies in a fundamental yet crucial step — comprehending the data we hold and its significance. Prioritizing key elements allows us to construct a defense strategy tailored to what matters most and a plan to respond as needed. Complacency has no place in the realm of security. Learning from sectors like banks and hospitals, which excel in securing sensitive information, is crucial. Making ransomware prevention a top priority underscores the need for measures to prevent potential hacks. Dedication to these principles becomes the linchpin in achieving and maintaining compliance with privacy laws.”
Patrick Grau, FIRST AI Security SIG Chair and Cyber Threat Intelligence Lead, Bosch Group:
“As with any new technology, AI systems also bring forth new types of vulnerabilities, creating the potential for misuse by threat actors targeting companies. The design, development and deployment of secure AI systems will play a crucial role as regulations continue to increase trust in the technology. Compliance programs are essential to minimize overall risk and safeguard inputs against threats, such as prompt injection. Additionally, they help secure the model against theft, protect data from training data poisoning and prevent sensitive information disclosure in the outputs. Incorrect application of these measures can result in unintended consequences, including data breaches, misinformation and overall economic losses.”
Justin Daniels, Faculty, IANS Research:
“Despite an increasing number of privacy laws around the world, many people still have little understanding of how much information is collected about them every hour of every day. In the United States, Congress has yet to pass meaningful privacy legislation at the federal level, resulting in a patchwork of privacy laws that vary from state to state. This lack of clear federal data privacy guidelines makes it painfully difficult for individuals to make informed decisions about how and when to share their personal data and what level of data protection to expect from the companies collecting it. As we mark another Data Privacy Day, one goal should be for individuals to become more cautious about sharing their data for a discounted price or minor perk. As they become more data-privacy conscious, brands that protect and manage customer data responsibly will build trust with customers online, offline and around the world.”